By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Preferences
Deny all
Accept all
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Geordie named "Most Innovative Startup" at RSAC 2026 Conference Innovation Sandbox
No items found.
Customer Stories
|
Agentic AI Risk

How Owkin Averted $13M in Risk Exposure With Geordie AI

Owkin uncovered 327% more AI agents than expected, identified $13M in risk exposure, and proved EU AI Act compliance in minutes — all in a single Geordie AI POC.

Get Started
327%
More Agents Found
$12–13M
Risk Averted
10 min
To Compliance

Company Background

Owkin is a pioneering AI company operating at the intersection of machine learning, biomedical research and drug discovery. Founded with a mission to apply frontier AI to real-world scientific problems, Owkin builds and deploys AI models and agents to accelerate drug discovery, improve patient outcomes and unlock insights from some of the world's largest biomedical datasets — over 50 petabytes of data spanning genomics, imaging and clinical research.

Unlike most organisations that use AI as a productivity tool, AI is Owkin's core product. The company runs hundreds of agents across its infrastructure, drawing on multiple large language models simultaneously — including Claude, ChatGPT and Gemini — and has built its own internal AI platform comparable to ChatGPT but purpose-built for bioscience research. Owkin's customers include major pharmaceutical companies, academic medical centres and research institutions, all of whom hold Owkin to rigorous standards of AI safety, data governance and regulatory compliance.

As CISO, Leo Cunningham oversees security, governance, risk, compliance and — increasingly — AI safety across the organisation. Every initiative his team runs is tied to measurable business outcomes through an OKR framework, with expected ROI defined before any investment is made.

"We're at the frontier of AI with real world impact. We run a lot of agents. We use all sorts of different LLMs. We have over 50 petabytes of data. That's a kind of insight to our ecosystem."

The Challenges

Owkin's AI-first model created a governance problem that few organisations have had to confront at this scale or this early. The company was building and deploying agents faster than any existing security tool was built to observe — and with pharmaceutical partners, regulatory bodies and enterprise customers asking increasingly pointed questions about AI safety, operating without visibility was no longer an option.

The core problem was not a lack of security tools. It was a lack of the right tools for this specific problem.

Existing solutions in Owkin's stack — CSPM, CNAP, cloud compliance platforms — provided consolidated views of traditional infrastructure risk. None of them were built to see inside an AI agent ecosystem. There was no inventory of agents in production, no visibility into tool usage, no way to trace how LLMs connected to downstream systems, and no mechanism to detect risks introduced through prompts, credentials or connected libraries.

Specifically, Owkin needed to solve for:

  • No agent inventory — no visibility into which agents were running, who had deployed them or what they were connected to
  • No tool usage visibility — no way to track which tools agents were calling or how those tool chains connected across the environment
  • No credential or data leakage detection — no mechanism to detect when agents were passing sensitive information through prompts or connected services
  • No compliance evidence for AI — no way to respond to pharma partner audits or RFP questions about EU AI Act compliance without manual, time-consuming evidence gathering
  • No consolidated risk view — no single platform that tied AI risk to business impact, regulatory frameworks and quantifiable exposure

"Everyone takes the assumption that AI companies have lots of telemetry, lots of insight. But they really don't have anything that ties everything together and gives them a picture — shows them exactly how many agents are being used, who is putting things into production, even right down to the prompt layer and the connected ecosystem."

"We were operating in the blind. For us, that was not acceptable."

Requirements

Digital Transformation in Retail

This case study focuses on a traditional retail company undergoing digital transformation. By integrating e-commerce capabilities and enhancing their online presence, the company reported a 25% increase in sales within the first quarter. The study highlights the challenges faced during the transition and the strategies that led to successful implementation.

E-commerce Platform Optimization

This case study explores the optimization strategies implemented for a leading e-commerce platform. By analyzing user behavior and implementing targeted marketing campaigns, the platform saw a 30% increase in conversion rates over six months. Key strategies included A/B testing for landing pages, personalized email marketing, and improved site navigation.

Healthcare App Development

In this case study, we delve into the development of a healthcare application aimed at improving patient engagement. The app features appointment scheduling, medication reminders, and telehealth services. Post-launch feedback indicated a 40% increase in patient satisfaction, highlighting the importance of user-friendly design and functionality.

SaaS Product Launch

This case study outlines the successful launch of a SaaS product designed for project management. Through a combination of webinars, free trials, and customer feedback loops, the product gained over 1,000 users within the first month. The importance of continuous improvement based on user input is a key takeaway from this project.

Social Media Marketing for Startups

This case study examines the social media marketing strategies employed by a startup to build brand awareness. By leveraging platforms like Instagram and Twitter, the startup achieved a follower growth of 150% in three months. The study emphasizes the effectiveness of influencer partnerships and engaging content in reaching target audiences.

The Results

327% more agents than expected

The single most immediate finding was the scale of agent sprawl Owkin had not previously been able to see. Agents deployed across research workflows, internal tools and production systems had accumulated well beyond any existing inventory.

$12–13M in risk exposure identified and averted

Using Owkin's own mature risk quantification methodology — which assigns monetary value to exposures based on likelihood of exploitation and potential business impact — the findings from the Geordie POC translated into a calculated risk exposure of between $12 and $13 million.

EU AI Act compliance evidenced in under 10 minutes

A pharmaceutical partner RFP included a direct question about EU AI Act compliance. Before Geordie, answering that question would have required extensive manual evidence gathering — screenshots, manual audits, cross-referencing multiple systems.

Footer graphic with abstract geometric patterns and gradients

Know your agents. Govern with certainty.

Book a Demo